Re: Peer-to-peer SSL/TLS best practices/strategy
- Subject: Re: Peer-to-peer SSL/TLS best practices/strategy
- From: "Quinn \"The Eskimo!\"" <email@hidden>
- Date: Thu, 13 Dec 2012 09:50:23 +0000
On 12 Dec 2012, at 23:48, Jens Alfke <email@hidden> wrote:
> In addition to the hybrid approach Quinn suggested (which isn’t fully P2P), you can also generate a key-pair in the app itself using the Security framework APIs, probably on the app's first launch.
There are two drawbacks with this approach. The first Jens already noted (the issue of deciding whether to trust the remote peer's certificate). The second relates to certificate generation. TLS, as expressed in the APIs that we ship, requires the peers to apply a digital identity to the connection. This is composed of the private key and a certificate that embeds the associated public key. Getting the private and public keys is easy (SecKeyGeneratePair). Creating the certificate is hard; there's no API for this, so you end up having to roll your own ASN.1 goo. I'm pretty sure Jens has code for that; I'll leave him to provide the details.
Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
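Quinn's point is that the key pair is the easy half and the certificate plus the trust decision are the hard half. As an added example that is not part of this thread and does not use Apple's Security framework, the same identity built in Go, whose crypto/x509 package does the ASN.1 so you don't roll your own; the peer name and the fingerprint-pinning trust check are my assumptions, not something the thread prescribes.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"math/big"
	"time"
)

// newSelfSignedIdentity: fresh key pair plus a self-signed certificate carrying the public key.
func newSelfSignedIdentity(name string) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// Random 128-bit serial so two devices never mint identical certificates.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name}, // constructed peer name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(5, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return der, key, err
}

// fingerprint is the SHA-256 of the DER certificate: what a peer pins after first contact.
func fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// verifyPinnedPeer is the trust decision: with no CA involved, all we can check is that
// the presented leaf is the pinned one (shape of tls.Config.VerifyPeerCertificate).
func verifyPinnedPeer(pinned string, rawCerts [][]byte) error {
	if len(rawCerts) == 0 || fingerprint(rawCerts[0]) != pinned {
		return errors.New("peer certificate missing or does not match pinned fingerprint")
	}
	return nil
}
```

The pinned fingerprint still has to reach the other peer over some channel you trust (QR code, pairing code, manual comparison); the code only decides once that value is known.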
Macnetworkprog mailing list (email@hidden)